# CybrHawk SecOps

CybrHawk provides a **24×7 Security Operations Centre (SOC)** to monitor, triage, and respond to security incidents. This page describes the key SOC functions and processes.

***

## Core Functions

* **Continuous Monitoring** – Logs and telemetry from onboarded data sources are collected and analysed.
* **Alert Triage** – Alerts are validated and classified by SOC analysts.
* **Threat Hunting** – Proactive searches for hidden or undetected threats.
* **Incident Response** – Containment and remediation actions coordinated with customer teams.
* **Escalations** – High-severity events are escalated through agreed procedures.
* **Reporting** – Dashboards and monthly reports track detections and SOC performance.

***

## SOC Workflow

1. **Monitoring**\
   Data is collected from endpoints, network sensors, cloud services, and integrations.
2. **Triage**\
   Alerts are reviewed in the **Security Detections Dashboard** and categorised (benign, suspicious, malicious).
3. **Escalation**\
   Confirmed threats or cases requiring customer input are escalated via ticket, email, or phone.
4. **Containment and Response**\
   Isolation of affected endpoints or accounts, blocking of indicators of compromise (IoCs), and coordination of the customer IT team's response.
5. **Recovery and Closure**\
   Malicious artefacts are removed, systems restored, and incidents closed once validated.
6. **Post-Incident Review**\
   Reports and timelines are produced, including remediation recommendations.
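The triage, escalation and containment steps above, worked through as an added example over a handful of constructed alerts (this is illustrative code, not CybrHawk's own tooling). The alert field names (`host`, `confidence`, `asset_tier`, `iocs`), the confidence thresholds behind the benign/suspicious/malicious verdicts, the severity ladder and the channel mapping are all assumptions chosen for the example; the sample hosts, rule names, IP and domain are constructed.

```python
"""Alert triage -> case severity -> escalation channel -> containment plan.

Added example, not CybrHawk code. Field names, thresholds, the severity
ladder and the channel mapping are assumptions for illustration only.
"""
import json
from collections import defaultdict

# Severity ladder used for cases; index order matters for comparisons.
LEVELS = ["low", "medium", "high", "critical"]
# Base case severity derived from the worst alert verdict on a host.
BASE_LEVEL = {"benign": "low", "suspicious": "medium", "malicious": "high"}
# Assumed escalation routing: critical -> hotline + live bridge, high -> ticket + email,
# medium -> ticket only, low -> closed as benign with no escalation.
CHANNELS = {
    "critical": ["hotline", "zoom_bridge"],
    "high": ["ticket", "email"],
    "medium": ["ticket"],
    "low": [],
}

# Constructed sample alerts (JSON lines). 203.0.113.7 and evil.example are
# documentation-reserved values, not real indicators.
SAMPLE_ALERTS = """\
{"id": "a1", "host": "ws-042", "rule": "powershell_encoded_cmd", "confidence": 0.92, "asset_tier": "standard", "iocs": ["203.0.113.7"]}
{"id": "a2", "host": "ws-042", "rule": "lsass_handle_access", "confidence": 0.88, "asset_tier": "standard", "iocs": []}
{"id": "a3", "host": "dc-01", "rule": "new_admin_account", "confidence": 0.55, "asset_tier": "critical", "iocs": ["evil.example"]}
{"id": "a4", "host": "ws-117", "rule": "scheduled_scan_noise", "confidence": 0.10, "asset_tier": "standard", "iocs": []}
"""


def parse_alerts(text):
    """Parse JSON-lines alert export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(alert):
    """Triage verdict for a single alert from detection confidence (assumed thresholds)."""
    confidence = alert["confidence"]
    if confidence >= 0.8:
        return "malicious"
    if confidence >= 0.4:
        return "suspicious"
    return "benign"


def bump(level, steps):
    """Raise a severity level by `steps` rungs, capped at the top of the ladder."""
    return LEVELS[min(LEVELS.index(level) + steps, len(LEVELS) - 1)]


def build_cases(alerts):
    """Group alerts per host into a case and derive severity, channels and IoCs.

    Severity starts from the worst verdict on the host and is raised one rung
    if the host is a critical asset and one rung if two or more non-benign
    alerts corroborate each other. Benign-only hosts are never raised.
    """
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)

    cases = {}
    for host, items in by_host.items():
        verdicts = [classify(a) for a in items]
        worst = max(verdicts, key=lambda v: LEVELS.index(BASE_LEVEL[v]))
        critical_asset = any(a["asset_tier"] == "critical" for a in items)
        level = BASE_LEVEL[worst]
        if worst != "benign":
            steps = int(critical_asset) + int(sum(v != "benign" for v in verdicts) >= 2)
            level = bump(level, steps)
        cases[host] = {
            "host": host,
            "alert_ids": [a["id"] for a in items],
            "verdict": worst,
            "severity": level,
            "channels": CHANNELS[level],
            "critical_asset": critical_asset,
            "iocs": sorted({ioc for a in items for ioc in a["iocs"]}),
        }
    return cases


def containment_plan(cases):
    """Containment actions for cases at high severity or above.

    Standard assets are isolated directly; critical assets (e.g. a domain
    controller) are queued for customer approval before isolation, matching
    the coordination step in the workflow. IoCs from all such cases are
    collected into one block list.
    """
    plan = {"isolate": [], "isolate_pending_customer_approval": [], "block_iocs": set()}
    for case in cases.values():
        if LEVELS.index(case["severity"]) < LEVELS.index("high"):
            continue
        key = "isolate_pending_customer_approval" if case["critical_asset"] else "isolate"
        plan[key].append(case["host"])
        plan["block_iocs"].update(case["iocs"])
    plan["block_iocs"] = sorted(plan["block_iocs"])
    return plan


if __name__ == "__main__":
    cases = build_cases(parse_alerts(SAMPLE_ALERTS))
    for case in cases.values():
        print(json.dumps(case))
    print(json.dumps(containment_plan(cases)))
```

Run as a script it prints one case per host followed by the containment plan: the workstation with two corroborating malicious alerts lands at critical severity (hotline plus bridge), the domain controller's single suspicious alert is raised to high because of its asset tier but is queued for customer approval rather than isolated outright, and the noise alert closes as benign with no escalation.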

***

## Communication Channels

* **24×7 SOC Hotline** – For critical incidents.
* **Email & Service Desk** – For non-urgent alerts or service requests.
* **Zoom Bridge** – Live session during major incidents.
* **Secure IM** – Optional real-time messaging channel provided by the SOC.

***

## Related Pages

* [Incident Management Lifecycle](/cybrhawk-docs/security-operations/incident-lifecycle.md)
* [Incident Response](/cybrhawk-docs/security-operations/incident-response.md)
